[Users] Is there a nginx/zimbra proxy expert here?

Tue Apr 26 15:40:28 CEST 2016

--On Tuesday, April 26, 2016 12:43 PM +0200 Stefan Sänger 
<stefan.saenger at gr13.net> wrote:

> Hi All,
>
> this would basically be a situation where
> http://nginx.org/en/docs/http/ngx_http_auth_request_module.html would be
> handy. It could be used to query some REST URL...

Probably worthwhile to file a bug requesting this be added to Zimbra's 
build.

> Unfortunately this is not part of current zimbra nginx.
>
> I already created patched nginx binaries (with other modules) in 8.6 -
> and can not recommend doing so. Nginx version bundled with 8.6 is to old,
> so this might only be a viable option for 8.7 and later.
>
> Using the zimbra nginx modules is also not an option, as far as I see
> there will always be a route to a mailbox server available.

I'm not quite clear what you mean in this statement.  I would note that as 
of 8.7, it is required for proxy to be installed and in use.  I.e., with 
8.7 and later, you can rely on Zimbra's nginx proxy always existing.

--Quanah

> So, no easy solution comes to my mind, but maybe this helps to think of a
> proper solution.
>
>
> Stefan
>
> Am 26.04.2016 um 08:02 schrieb Barry De Graaff:
>> Hello Yutaka,
>>
>> The webapp I want to proxy, cannot de the validation, so
>> your suggestion would not work for me.
>>
>> Thanks Barry
>>
>> ------------------------------------------------------------------------
>> *From: *"Yutaka Obuchi" <yutaka.obuchi at yahoo.com>
>> *To: *users at lists.zetalliance.org
>> *Sent: *Saturday, April 23, 2016 9:42:33 AM
>> *Subject: *Re: [Users] Is there a nginx/zimbra proxy expert here?
>>
>> Hi Barry,
>>
>> I have been thinking about this lately.
>> You want check not only if ZM_AUTH_TOKEN is in cookie or not,
>> but also if the ZM_AUTH_TOKEN is valid or not before proxying request to
>> your own web application, right??
>>
>> That is difficult, because Zimbra Nginx itself does not make auth token
>> validation from my understanding.
>>
>> How about Zimbra Nginx proxying the request to your own web app which
>> validates the authtoken??
>> Does it work for you??
>>
>>
>> On Wednesday, April 13, 2016 3:29 AM, Barry De Graaff
>> <barrydg at zetalliance.org> wrote:
>>
>>
>> Hello All,
>>
>> is there a nginx/zimbra proxy expert here?
>>
>> I would like to add additional reverse proxies to zimbra proxy,
>> but only allow authenticated users, see:
>>
>> https://bugzilla.zimbra.com/show_bug.cgi?id=101811
>>
>>
>> If you know how-to, please let me know.
>>
>>
>> Barry
>>
>>
>>
>>
>

--

Quanah Gibson-Mount
Platform Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
A division of Synacor, Inc